SOC Analyst Salary Guide 2026: Tier 1 to Tier 3
SOC analyst salary ranges by tier, experience, and location — honest estimates with factors that actually move your comp as a career switcher.

The average SOC analyst salary in the US sits between roughly $77,000 and $104,000 per year across all experience levels, depending on which source you trust. But that blended average hides the number most readers actually want: an entry-level (Tier 1) SOC analyst earns roughly $48,000 to $72,000, while experienced Tier 3 analysts, detection engineers, and SOC leads reach $110,000 to $145,000 in major markets. The gap between those two is closed by demonstrable skill, not years served. For a career switcher coming out of IT helpdesk in the low $50,000s, the first SOC offer is usually a real raise, and the start of a trajectory that helpdesk rarely offers.
Why the wide spread in the headline average? Because every aggregator measures a slightly different population. As of mid-2026, Salary.com lists about $77,500 (range $65,973 to $92,064), ZipRecruiter about $76,300 for a Tier 1 "Soc Level 1 Analyst," Glassdoor about $100,545, Coursera about $100,000, and Indeed about $103,713. The higher figures pull in senior and engineering-track analysts; the lower figures weight entry-level postings more heavily. In hourly terms that is roughly $37 to $48 per hour on average, with Tier 1 closer to $23 to $33.
This guide breaks those ranges down by tier, experience, location, and certification with honest estimates, not marketing copy. The figures below are drawn from public data, including the Bureau of Labor Statistics Occupational Employment and Wage Statistics for information security analysts and salary aggregator data from Glassdoor, Indeed, Salary.com, ZipRecruiter, and LinkedIn Salary. They are rounded ranges, not precise claims. Markets move, titles vary, and a "SOC analyst" at a Fortune 50 financial institution is a different job than a "SOC analyst" at a 50-person SaaS startup, even when the LinkedIn title is identical. See the methodology note at the end for exactly how these were assembled.
What Entry Level SOC Analyst Salary Looks Like at Tier 1
Tier 1 is the intake level: alert queue management, initial triage, playbook execution, and escalation decisions. The work is high-volume and process-driven. The learning curve is steep in the first three months and then plateaus unless you push into adjacent skills.
Estimated US salary range for Tier 1, based on aggregated public data:
| Experience | Remote | On-Site (Major Metro) | On-Site (Mid-Market) |
|---|---|---|---|
| 0 to 1 year | $48,000 to $58,000 | $52,000 to $68,000 | $48,000 to $62,000 |
| 1 to 2 years | $54,000 to $66,000 | $60,000 to $75,000 | $52,000 to $68,000 |
These figures are estimates. The BLS median for information security analysts sits around $120,000 across all experience levels, which skews high because it includes senior and engineering-track roles. Entry-level Tier 1 positions cluster well below that median.
What moves pay within Tier 1 more than anything else is the employer type. A Managed Security Service Provider (MSSP) tends to pay at the lower end of this range because the model is throughput: analysts handle alerts at volume, shifts rotate, and the margin structure limits salary budgets. Internal corporate SOC teams at financial services, healthcare, or government contractors often pay 15 to 25 percent more at the same experience level because they are optimizing for depth, not breadth.
Note
If you are coming from IT helpdesk at $42,000 to $50,000, a Tier 1 SOC offer in the $54,000 to $60,000 range is a real and immediate improvement. The ceiling after that depends entirely on whether you treat the role as a job or as a structured skills ramp.
The comparison to helpdesk matters here. According to aggregated data on Glassdoor's IT Support Specialist salary pages, the typical US helpdesk or IT support specialist range runs from $40,000 to $58,000. A Tier 1 SOC role offers meaningful entry-level headroom, and — more importantly — a career trajectory that helpdesk rarely provides.
SOC Analyst Tier 1 Salary vs. Tier 2: The Second-Year Jump
Tier 2 is where the work changes character. You are no longer following a playbook on every alert. You are correlating events across tools, identifying patterns that tier-1 filters miss, handling escalations that require actual investigation, and starting to understand the detection logic behind the rules you have been running.
Estimated US salary range for Tier 2:
| Experience | Remote | On-Site (Major Metro) | On-Site (Mid-Market) |
|---|---|---|---|
| 2 to 3 years | $68,000 to $85,000 | $75,000 to $95,000 | $65,000 to $82,000 |
| 3 to 5 years | $78,000 to $98,000 | $85,000 to $110,000 | $72,000 to $92,000 |
The jump from Tier 1 to Tier 2 compensation is not automatic. It tracks skill acquisition, not time served. Analysts who reach Tier 2 pay in eighteen to twenty-four months are typically the ones who learned to write queries, built personal investigation workflows, and started contributing to playbook improvements rather than just executing them.
Warning
Title inflation is real in this space. Some employers list "Tier 2 SOC Analyst" as the title for what is functionally Tier 1 work, while others call the same scope "Security Analyst" or "Incident Responder." Evaluate the job description, not the tier number. Ask during interviews: "What percentage of your Tier 2 analysts write or modify detection rules?" The answer tells you whether the role is actually at that level.
The skills that accelerate the Tier 1-to-Tier 2 pay move in practice are query language fluency (SPL for Splunk, KQL for Sentinel), familiarity with endpoint detection and response (EDR) tooling, and the ability to independently scope an incident — meaning you can tell your lead not just that something fired, but what the full blast radius looks like. These are demonstrable in an interview, which matters for negotiation in ways that cert listings do not.
Free forever · No credit card
Train on real alerts, with zero consequences
Practice triage on realistic alert volume in a live SOC console. Free forever — no credit card.
Senior SOC Analyst Salary at Tier 3 and Beyond
Tier 3 is a different profession with a similar job title. The work includes threat hunting (going looking for adversaries who have not triggered any alert), detection engineering (writing and maintaining the rules that Tier 1 executes), incident command, forensics, and in many organizations, advising security architecture decisions.
Estimated US salary range for Tier 3 and senior roles:
| Role | Remote | On-Site (Major Metro) | On-Site (Mid-Market) |
|---|---|---|---|
| Tier 3 Analyst | $90,000 to $115,000 | $100,000 to $130,000 | $85,000 to $110,000 |
| SOC Lead / Manager | $105,000 to $130,000 | $115,000 to $145,000 | $95,000 to $120,000 |
| Detection Engineer | $105,000 to $135,000 | $115,000 to $155,000 | $98,000 to $125,000 |
| Threat Hunter | $110,000 to $140,000 | $120,000 to $160,000 | $100,000 to $130,000 |
A Tier 3 analyst at a large financial institution or defense contractor in a high-cost market can exceed these ranges meaningfully, particularly when clearance and on-call premiums are included. SANS SOC surveys have repeatedly shown compensation at the senior analyst and lead level correlating strongly with the organization's threat surface and regulated-industry classification.
What separates Tier 3 earners from Tier 2 earners is rarely the number of years worked. It is the ability to operate without a playbook, produce original analysis, and explain adversary behavior in terms that inform decisions rather than just describe events. That is a skills gap, not a time gap.
Factors That Move SOC Analyst Salary Beyond Tier
The tier-and-experience table is a baseline. These factors shift actual offers above or below it:
Location. The BLS shows the highest concentrations of information security analyst jobs in Virginia (particularly the Northern Virginia/DC corridor), California, Texas, New York, and Maryland. Northern Virginia commands a persistent premium driven by the federal contractor and intelligence community market. A Tier 2 analyst in Tysons Corner earns materially more than the same profile in Omaha, even at the same employer type. Location effects are large enough that the same Tier 1 title pays very differently across metros. The illustrative spread below blends aggregator metro data with the tier ranges in this guide:
| Location | Tier 1 (entry) | Mid / Tier 2 | What drives it |
|---|---|---|---|
| SF Bay Area / Silicon Valley, CA | $70,000 to $90,000 | $95,000 to $125,000 | Tech-sector pay bands, high cost of living |
| New York City, NY | $60,000 to $80,000 | $85,000 to $115,000 | Finance sector concentration |
| Northern Virginia / DC | $58,000 to $78,000 | $85,000 to $120,000 | Federal contractors, clearance premiums |
| Texas (Austin, Dallas) | $52,000 to $70,000 | $75,000 to $100,000 | Growing tech hubs, no state income tax |
| Mid-market / lower-cost metros | $48,000 to $62,000 | $65,000 to $88,000 | Lower cost of living, fewer enterprise SOCs |
Treat these as directional. ZipRecruiter's top-paying-cities data for Tier 1 roles, for example, clusters the San Francisco, Palo Alto, Santa Clara, and Sunnyvale markets near $89,000 to $90,000, well above the national Tier 1 average, because those numbers reflect tech-sector compensation rather than the broader SOC market.
Security clearance. A DoD Secret clearance consistently adds $10,000 to $20,000 annually to base salary for cleared SOC roles, with TS/SCI adding more. Clearance-eligible candidates with no clearance yet still benefit because the employer sponsors the investigation. If you are a career switcher with a clean background and US citizenship, this is an underappreciated lever.
Industry vertical. Finance, defense contracting, healthcare (HIPAA-driven security investment), and critical infrastructure operators pay above the general market. SaaS startups and early-stage companies may offer equity that compensates for below-market cash, but that is a speculative instrument; treat it as optionality, not compensation.
On-call and shift differentials. SOC roles at enterprise organizations often include shift differential pay for overnight or weekend coverage, which can add $4,000 to $12,000 annually to published base salary figures. MSSP roles almost always involve shift rotation without differential; enterprise roles are more likely to compensate it explicitly.
Specialization. Cloud security operations, operational technology (OT/ICS) security monitoring, and identity threat detection are areas where specialized analysts routinely negotiate 15 to 20 percent above the generic tier rate because the talent pool is smaller.
Note
The CyberSeek interactive career pathway tool shows live job posting data and transition pathways from adjacent roles including IT support, network administrator, and help desk. It is one of the more reliable free tools for validating whether the salary conversations you are having match the market.
SOC Analyst Salary by Certification
The honest version first: a certification by itself rarely moves a salary number. What it moves is the probability your application clears the recruiter filter, and which roles you become eligible for. The salary delta shows up indirectly, through the doors a cert opens, not as a line-item raise. With that caveat, here is how the common certifications map to compensation tiers for SOC-bound candidates.
| Certification | Where it lands you | Practical comp effect |
|---|---|---|
| CompTIA Security+ | Clears the entry-level filter; DoD 8570 baseline | Gets you to the Tier 1 starting range at all; minimal premium by itself |
| BTL1 (Blue Team Level 1) | Differentiates in the Tier 1 applicant pool | Indirect: a portfolio artifact that wins competitive entry offers |
| CompTIA CySA+ | Signals readiness for Tier 2 analysis | Supports the move into the $68,000 to $98,000 Tier 2 band |
| Microsoft SC-200 | Microsoft Sentinel shops specifically | Day-one relevance at Microsoft-stack employers; role-specific, not general |
| GIAC (GCIA, GCIH, GSEC) | Senior and regulated-industry roles | Correlates with the top of the Tier 3 range, often employer-funded |
| Security clearance (DoD Secret, TS/SCI) | Cleared federal/contractor roles | The single biggest defensible lever: $10,000 to $20,000-plus on base |
The pattern across all of them: early certifications (Security+, BTL1) get you in the door at the entry range, mid-tier certifications (CySA+, SC-200) support the jump to Tier 2 pay once you have triage experience to back them, and the largest dollar lever for a US-citizen career switcher is not a certification at all but eligibility for a security clearance. For a full ROI-ranked breakdown of which certifications to pursue and in what order, see the best cybersecurity certifications for beginners guide.
Remote SOC Analyst Pay: Honest Assessment
Remote SOC roles exist and have grown since 2020. Most Tier 1 MSSP roles are fully remote. Tier 2 and above remote roles are common at employers who have built distributed teams. Tier 3 and leadership roles skew toward hybrid or on-site, partly for access to sensitive systems and partly for the coordination overhead of incident command.
The pay reality: it depends on the employer's compensation philosophy. Geo-adjusted employers (including many large tech companies and some MSSPs) apply a location factor to base salary. A $72,000 role for someone in San Francisco might offer $58,000 to a candidate in Nashville under the same band. Employers using national market rates pay identically regardless of location.
The practical negotiation move: ask directly during the offer stage whether the role uses location-adjusted compensation or a national pay band. This is a legitimate, expected question. The answer determines your baseline and your future comp ceiling at that employer.
How Skills Move Comp for Career Switchers
The advice you see most often — "get CompTIA Security+" — is correct but incomplete. CompTIA Security+ appears in a large proportion of entry-level job postings and is a reasonable first credential. It signals foundational knowledge and satisfies DoD 8570 baseline requirements for certain federal roles. But it does not negotiate salary. Skills demonstrate in interviews.
The skills that actually shift what a hiring manager will offer a career switcher:
Query language proficiency. If you can sit down at a whiteboard and write a Splunk SPL query to find failed authentications followed by a successful one from the same source IP, you have demonstrated something certs do not. The same applies to KQL for Microsoft Sentinel. These are learnable in three to six months of deliberate practice.
Alert triage speed and decision quality. Hiring managers at serious SOC teams care about how you reason under uncertainty and time pressure. Candidates who can walk through their triage logic on a sample alert — articulating why they would or would not escalate — demonstrate the actual job skill. See the alert triage guide for the core decision framework.
Familiarity with at least one EDR platform. CrowdStrike Falcon, Microsoft Defender for Endpoint, and SentinelOne are the dominant market players. Understanding how to read a process tree, interpret a behavioral detection, and pivot from an endpoint alert to network context is Tier 2-level work that Tier 1 candidates who demonstrate it can negotiate into.
The analysts who advance fastest are not the ones who know the most tools — they are the ones who can explain their reasoning clearly, even when they turn out to be wrong.
The career switcher negotiation position is stronger than most candidates realize. Helpdesk experience translates directly: you understand production environments, you have dealt with users under stress, and you have operated within change control and ticketing workflows. Frame that context explicitly. A SOC team deals with those same systems and those same users. You are not starting from zero.
What Actually Closes the Tier 1-to-Tier 2 Gap
The single lever with the best return is not another line on your resume — it is query fluency plus triage judgment you can demonstrate live. A candidate who writes a working SPL or KQL query at the whiteboard and reasons cleanly through a sample alert moves the offer number in a way no certificate does. The fastest route to a first credential is still CompTIA Security+ and the other beginner certs ranked by ROI; the fastest route to the demonstrable skill that follows it is repetition on alerts that behave like the real queue.
SOCSimulator's training operations runs SIEM, XDR, and firewall scenarios at actual queue volume, with the shift pressure that makes or breaks a new analyst in their first sixty days. No production risk, and the verdict feedback is what turns "I read about triage" into "I can talk through my triage logic" — which is exactly what the offer stage rewards.
Understanding the salary landscape is only useful if you also understand what the job actually involves day to day and how to make the transition from your current role. When you get to the interview stage, the SOC analyst interview questions guide covers the compensation conversation alongside the technical questions you will face.
The jump from helpdesk to SOC is real. The salary improvement is real. What makes it work is treating the first two years as a deliberate skills ramp rather than a waiting game.
Methodology: How These Numbers Were Built
Transparency matters more than a confident-sounding single figure, so here is exactly how the ranges in this guide were assembled and why they sometimes sit below the headline averages you will see elsewhere.
The blended averages come from cross-referencing public salary aggregators as of mid-2026: Salary.com (about $77,500, range $65,973 to $92,064), ZipRecruiter (about $76,300 for a Tier 1 "Soc Level 1 Analyst"), Glassdoor (about $100,545), Coursera (about $100,000), Indeed (about $103,713), and Talent.com (about $90,000, entry-level start near $60,751). The tier-by-tier ranges then disaggregate those blended numbers, because a single average across all experience levels is misleading for someone trying to understand a first offer versus a senior one.
Three deliberate choices explain the rest:
- Tier 1 ranges sit below the aggregator average on purpose. Aggregator "SOC analyst" averages mix entry-level, mid-level, senior, and engineering-track roles into one number. Isolating genuine Tier 1 entry pay produces a lower, more honest figure for career switchers than quoting the all-levels average.
- The BLS median is treated as a ceiling reference, not a starting point. The BLS median for information security analysts is about $120,000 across all experience levels, which is well above realistic Tier 1 pay because the occupation code includes senior and engineering roles.
- Ranges are rounded and directional. They are not precise claims. Real offers vary by employer type (MSSP versus internal corporate SOC), industry vertical, location, clearance status, and shift differentials, all covered above.
Verify current market rates through active job postings, the CyberSeek pathway tool, and salary aggregators before you negotiate. Use this guide to understand the structure of SOC compensation; use live postings to pin down the number for your specific market.
Salary ranges cited in this article are estimates based on publicly available BLS occupational data and aggregated ranges from Salary.com, Glassdoor, Indeed, ZipRecruiter, Coursera, Talent.com, and LinkedIn Salary as of mid-2026. Actual offers vary by employer, location, industry, clearance, and specific role requirements. Verify current market rates through active job postings and salary aggregator tools before negotiating.
Frequently Asked Questions
- How much does an entry level SOC analyst make?
- Entry-level (Tier 1) SOC analysts in the US typically earn between $48,000 and $72,000 per year, based on estimates aggregated from BLS data for information security analysts and salary aggregators like Glassdoor and LinkedIn Salary. Location, industry, and whether the role is remote or on-site shift the number considerably — government-adjacent roles with a clearance pathway often start higher.
- Do SOC analysts get paid well?
- Compared to most IT helpdesk and general support roles, yes. A Tier 1 SOC analyst typically earns 20 to 40 percent more than a helpdesk technician at the same experience level, and the ceiling rises sharply at Tier 3 and senior specialist tracks. The trade-off is shift work, on-call pressure, and sustained focus under alert volume — factors that also compress the total-compensation gap between SOC and adjacent IT roles once you account for on-call differentials.
- What is the salary difference between Tier 1 and Tier 3 SOC analyst?
- The gap is substantial. Tier 1 roles typically range from $48,000 to $72,000, while experienced Tier 3 analysts and SOC leads commonly reach $110,000 to $145,000 in major US markets. That spread reflects not just tenure but a fundamentally different scope of work: Tier 1 handles alert triage at volume while Tier 3 does threat hunting, tool engineering, and incident command. The skills jump between tiers is what drives the pay jump.
- Does remote work pay less for SOC analysts?
- It depends on whether the employer uses a geo-adjusted pay model or a market-rate model. Fully-remote SOC roles at companies with location-based compensation will pay less in lower cost-of-living areas. Employers who use national market rates pay the same regardless of location. Managed Security Service Provider (MSSP) roles, which are commonly remote, tend to pay at the lower end of the tier range partly because volume throughput is the model, not deep specialization.
- Is SOC analyst a high paying job?
- It pays well relative to other entry points into tech, though not at the top of the cybersecurity field. Salary aggregators put the blended US average for a SOC analyst across all experience levels between roughly $77,000 and $104,000 (Salary.com lists about $77,500, Glassdoor and Coursera near $100,000, Indeed about $103,700). Those averages run high because they mix in senior and engineering-track analysts. Entry-level Tier 1 pay is meaningfully below the blended average, while Tier 3 and specialist roles sit well above it. Compared with help desk or general IT support, even a first SOC role is usually a raise.
- How much does a SOC analyst make per hour?
- Hourly figures track the annual ranges. Aggregators put the US average around $37 to $48 per hour (Salary.com about $37, ZipRecruiter about $36.67 for a Tier 1 role, Cyber Security Jobs about $47, Talent.com about $45.55). A Tier 1 analyst typically falls in the $23 to $33 per hour range; experienced Tier 3 analysts and leads exceed $50 per hour before shift differentials and on-call premiums.
- How much does a Tier 1 SOC analyst make?
- An entry-level Tier 1 SOC analyst in the US typically earns between $48,000 and $72,000 per year, depending on location and employer type. ZipRecruiter lists a national Tier 1 (Soc Level 1 Analyst) average near $76,000, skewed upward by high-cost metros such as the San Francisco Bay Area, where listed averages approach $90,000. Managed Security Service Provider (MSSP) roles cluster at the lower end; internal corporate SOC teams in regulated industries pay 15 to 25 percent more.
- Will AI replace SOC analysts?
- AI is automating the repetitive parts of Tier 1 work (alert deduplication, basic enrichment, first-pass triage), but it is not eliminating the role. The judgment-heavy work of scoping an incident, reasoning under uncertainty, and deciding what to escalate still needs a human. The practical effect on pay is that analysts who can work alongside AI tooling and move quickly toward Tier 2 investigation skills protect and grow their compensation; those who only do mechanical triage are most exposed.
Field notes
New walkthroughs and detections, in your inbox
A short email when we publish something worth your time. No spam, unsubscribe in one click.
Community
Continue the conversation
Discuss this with analysts who are actively training and working in the field.
Related Articles

Best Cybersecurity Certifications for Beginners (2026)
Best cybersecurity certifications for beginners in 2026, ranked by ROI for SOC-bound career switchers. Honest costs, HR recognition, and skill signal per cert.

How to Become a SOC Analyst (With or Without a Degree)
How to become a SOC analyst: a realistic roadmap from IT helpdesk to SOC, covering certs, hands-on practice, and what hiring managers actually screen for.

Best EDR Tools in 2026: What Tier 1 Analysts Learn First
Best EDR tools for SOC analysts: CrowdStrike, Defender, SentinelOne, Cortex XDR and more — ranked by console learnability and job-market frequency.